Lucene search

[email protected]CVE-2015-4486

HistoryAug 16, 2015 - 1:59 a.m.

CVE-2015-4486

2015-08-1601:59:14

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-4486

mozilla firefox

firefox esr

libvpx

remote code execution

denial of service

out-of-bounds read

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.1%

JSON

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.

Affected configurations

NVD

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch15.04

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

mozillafirefoxRange≤39.0.3

mozillafirefox_esrMatch38.0

mozillafirefox_esrMatch38.0.1

mozillafirefox_esrMatch38.0.5

mozillafirefox_esrMatch38.1.0

Node

oraclesolarisMatch11.3

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2